Source: live-config
Source-Version: 5.20190519
Severity: important
User: debian-d...@lists.debian.org
Usertags: dpkg-db-access-blocker

Hi!

This package contains several components, which directly access
the dpkg internal database, instead of using one of the public
interfaces provided by dpkg.

All these components check the presence of the .list file to assert
whether a package is installed. These components should be switched
to use something else. Either check the status for each of these
components (via dpkg-query), or these checks should be refactored
into the call site which could do the checks over the entire database
with a single call to «dpkg-query --show» instead of calling it once
per package.


This is a problem for several reasons, because even though the layout and
format of the dpkg database is administrator friendly, and it is expected
that those might need to mess with it, in case of emergency, this
“interface” does not extend to other programs besides the dpkg suite of
tools. The admindir can also be configured differently at dpkg build or
run-time. And finally, the contents and its format, will be changing in
the near future.

Thanks,
Guillem

Reply via email to